Commit 9b120d57 authored by Noe Nieto's avatar Noe Nieto 💬

Validate username against list of forbidden words; Purism/LibremOne/task#351

parent 8cd1e17a
......@@ -5,6 +5,7 @@ from django import forms
from django.conf import settings
from django.contrib.auth import get_user_model
from django.contrib.auth import logout
from django.core.exceptions import ValidationError
from django.core.validators import RegexValidator
from django.http import HttpResponseRedirect
from django.urls import reverse
......@@ -21,6 +22,11 @@ from purist.models import AccountType
User = get_user_model()
def validate_reserved_names(value):
if value in settings.REG_BAD_SUBSTRINGS:
raise ValidationError(validators.RESERVED_NAME, code='invalid')
class CartRegistrationForm(RegistrationForm):
class Meta(RegistrationForm.Meta):
fields = (
......@@ -57,6 +63,11 @@ class CartRegistrationForm(RegistrationForm):
],
)
def __init__(self, *args, **kwargs):
super(CartRegistrationForm, self).__init__(*args, **kwargs)
self.fields['username'].validators.append(validate_reserved_names)
class CartRegistrationFormWithCaptcha(CartRegistrationForm):
captcha = CaptchaField(
label=_('Please solve this sum'),
......
......@@ -23,6 +23,7 @@ REG_PERSON_BASE_DN=ou=people,dc=example,dc=com
REG_PERSON_OBJECT_CLASSES=inetOrgPerson,organizationalPerson,person
REG_GROUP_BASE_DN=ou=groups,dc=example,dc=com
REG_GROUP_OBJECT_CLASSES=groupOfNames
REG_BAD_SUBSTRINGS=foo,bar,baz,solovino
AUTH_LDAP_SERVER_URI=ldap://ldap.example.com
AUTH_LDAP_START_TLS=True
AUTH_LDAP_BIND_DN=cn=admin,dc=example,dc=com
......
......@@ -87,6 +87,7 @@ REG_PERSON_OBJECT_CLASSES = config("REG_PERSON_OBJECT_CLASSES", cast=Csv())
REG_GROUP_BASE_DN = config("REG_GROUP_BASE_DN")
REG_GROUP_OBJECT_CLASSES = config("REG_GROUP_OBJECT_CLASSES", cast=Csv())
REG_BAD_SUBSTRINGS = config.get("REG_BAD_SUBSTRINGS", "")
#
# AUTHENTICATION
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment